N° and issue date : 40407 - 07/04/2004 

Circulation : Unknown 

Periodicity : Monthly Page : 7 
EnterpriseTelecoms_40407_7_301.pdf Size : 100 % 
Web Site: http:/Avww.telcap.co.uk/ 


Enterprise Telecoms 


software failing 
business 


> Large businesses are riddled with 
viruses and continue to suffer denial- 
of-service (DoS) attacks, despite diligently 
buying anti-virus software. This state 
of affairs is highlighted in the bi-annual 
survey from the UK’s Department of 
Trade and Industry, published in April. 

Half of all UK businesses suffered from 
virus infections or DoS attacks last year, up 
from 41% in 2002 and 16% in 2000. This is 
despite the presence of anti-virus software 
in 99% of large businesses. 

“It is a clear indication that attacks are 
getting ahead of anti-virus software,” said 
Gerhard Eschelbeck, chief technology 
officer of security firm Qualsys. “Anti-virus 
software only offers companies one- 
dimensional protection. Most worm 
attacks use multiple attack vectors. 
This trend has continued since the Nimda 
virus.” While worms sent through email 
can be trapped by anti-virus software, 
they can come through a back door or 
be spread through their own built-in 
email servers. 

As well as becoming more sophisticated, 
viruses are appearing more quickly after 
vulnerabilities are announced. “The window 
of exploit is shortening,” said Eschelbeck. 
“It only took three weeks between the 
Blaster vulnerability being announced 
and seeing the worm.” And the infections 
are also spreading quickly — the Slammer 
worm, for example, was widespread within 
minutes of being unleashed. 

The biggest challenge for companies 
is to patch their systems to fix these 
vulnerabilities; there are up to 40 
vulnerabilities announced each week and 
each organisation can be affected differently 
by each one. 

Eschelbeck said it is imperative that 
companies take an active stance on security 
and carry out regular security audits. 
He added that steps taken by Microsoft 
to have a monthly release cycle will 
help companies plan their patch strategy 
and warned that companies need to 


address vulnerabilities across all operating 


systems, as all are affected (see masterclass 


_ p30). % 
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